Shostack + Friends Blog

Threat Modeling: Attackers May Adapt, Respond

Reasons for failure in real-world security

This is a really interesting post* about how many simple solutions to border security fail in the real world.

Not everywhere has the infrastructure necessary to upload large datasets to the cloud

Most cloud providers are in not-great jurisdictions for some threat models.

Lying to border authorities, even by omission, ends badly.

Fact is, the majority of "but why don't you just..." solutions in this space either require lying, reliance on infrastructure that may be non-existent or jurisdictionally compromised, or fails openly.

The "post" was originally a long Twitter thread, which is archived, for the moment, at ThreadReader App, which is a far, far better UI than Twitter.

Originally published by Adam on 31 Jan 2019
Last updated on 03 Oct 2019
Categories: threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.